System and methods for remote maintenance in an electronic network with multiple clients

ABSTRACT

A system for performing remote maintenance in an electronic network configured to serve a plurality of clients may comprise a client, a database, and a virtual machine. The client may include a plurality of processing resources. Each one of the plurality of processing resources may have a respective set of processing instructions stored on a respective associated computer readable memory. The database may include information correlating a list of processing resources with a respective set of processing instructions. The virtual machine may be operable to access the database and perform calculations simulating proposed combinations of processing resources and their respective set of processing instructions before approving a software update requested for the client.

RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No. 61/316,498 filed on Mar. 23, 2010, entitled “REMOTE MAINTENANCE”, which is incorporated herein in its entirety.

This application is also related to copending patent application entitled “System and Methods for Remote Maintenance In An Electronic Network With Multiple Clients,” application Ser. No. ______ (073338.0734), filed on the same date as the present application.

This application is also related to copending patent application entitled “System and Methods for Remote Maintenance In An Electronic Network With Multiple Clients,” application Ser. No. ______ (073338.0736), filed on the same date as the present application.

This application is also related to copending patent application entitled “System and Methods for Remote Maintenance In An Electronic Network With Multiple Clients,” application Ser. No. ______ (073338.0737), filed on the same date as the present application.

This application is also related to copending patent application entitled “System and Methods for Remote Maintenance In An Electronic Network With Multiple Clients,” application Ser. No. ______ (073338.0738), filed on the same date as the present application.

TECHNICAL FIELD OF THE INVENTION

The present invention relates generally to information exchange and, more particularly, to a method and system for remote maintenance of an information handling system with improved safety and security.

BACKGROUND

Distributed communication networks include a wide range of systems, from private intranets to the unsecured Internet. In any communication network, electronic content flows from one point in the network to another. Electronic content, in this context, may include electronic documents, executable files, data files, etc. In some communication networks, access to the electronic content may be restricted and/or limited to particular users and/or clients. Several methods exist to verify the identity of a user attempting to gain access to electronic content, such as username and password combinations, public/private key combinations, and/or biometrics. In some networks, a central server may employ such methods before distributing electronic content to a requesting user and/or client.

Software exchange between service providers and clients may be improved by certifying the content and security of the data exchanged. Some systems for certification are difficult to implement for a variety of reasons. For example, it may be difficult to protect scanning and reporting agents within an operating system. As another example, the size of a client system may mean that completing a scan and/or transmitting a report takes too much time. As another example, some systems may not be able to provide a secure connection between a biometric sensor and the reporting agent. Improved certification methods and systems may improve security, speed, and/or efficiency of software exchange between service providers and clients.

SUMMARY OF THE DISCLOSURE

The present disclosure provides a method and system for distributing electronic content that substantially eliminates or reduces at least some of the disadvantages and problems associated with previous methods and systems.

According to one embodiment, a system for performing remote maintenance in an electronic network configured to serve a plurality of clients may comprise a client, a database, and a virtual machine. The client may include a plurality of processing resources. Each one of the plurality of processing resources may have a respective set of processing instructions stored on a respective associated computer readable memory. The database may include information correlating a list of processing resources with a respective set of processing instructions. The virtual machine may be operable to access the database and perform calculations simulating proposed combinations of processing resources and their respective set of processing instructions before approving a software update requested for the client.

According to another embodiment, a method for performing remote maintenance in a client system served by an electronic network may comprise maintaining a database, receiving a request for a software update, accessing the database, and performing calculations. The database may include information correlating a list of client system nodes with a respective set of processing instructions. The request may include an identifier corresponding to a specific client system and a specific set of processing instructions. Accessing the database may include retrieving the information related to the nodes associated with the client systems and the respective set of processing instructions correlated to the associated processors. The calculations may simulate a combination of nodes and respective processing instructions that would result from the installation of the requested software update.

The methods and systems disclosed herein may include techniques using virtual machines (VM) discussed below. Technical advantages of certain embodiments of the present disclosure include increased security and/or reliability in remote maintenance including wireless transfer of electronic content from an external data center serving a plurality of client systems. Other technical advantages will be readily apparent to one skilled in the art from the following figures, descriptions, and claims. Moreover, while specific advantages have been enumerated above, various embodiments may include all, some or none of the enumerated advantages.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention and its advantages, reference is now made to the following description, taken in conjunction with the accompanying drawings, in which:

FIG. 1 shows an example communication network, including a client system and an external data center, in accordance with teachings of the present disclosure;

FIG. 2 shows an example communication network, including an example client system and external data center, in accordance with teachings of the present disclosure;

FIG. 3 shows an example communication network, including details of a client system, in accordance with teachings of the present disclosure; and

FIGS. 4-11 show flowcharts depicting various methods for remote maintenance of an information handling system with improved safety and security.

DETAILED DESCRIPTION OF THE INVENTION

Preferred embodiments and their advantages are best understood by reference to FIGS. 1 through 11, wherein like numbers are used to indicate like and corresponding parts. FIG. 1 shows a simplified representation of an example electronic network 1, in accordance with the teachings of the present disclosure. Electronic network 1 may include a data center 10 and a client system 20. Some embodiments of electronic network 1 may include numerous clients and their respective client systems. In FIGS. 1-3, a single client and its client system 20 are shown and discussed for the sake of clarity.

Data center 10 may be configured to provide maintenance to various clients and/or client systems 20. Such maintenance may include managing software and/or firmware updates and/or status. In complicated electronic networks with many client systems 20, managing the delivery of electronic content to various client systems 20 may be even more difficult if reports must be certified and/or verified.

For purposes of this disclosure, “electronic content,” “content,” “software,” and/or “software updates” may include any file, files, object code, executable code, data records, or any other electronically recorded data structure that a client of an electronic network may wish to access. Illustrative examples may include text files, spreadsheets, email, medical records, images, and other electronic data, as well as web pages, private networks, word processing programs, file management systems, and other programs. Additionally, a “client” may refer to a person acting as an end user or to the device or devices used by such a person to access the communication network, such as a personal computer, kiosk, or mobile computing device.

Trusted Computing and TrustCube may provide certifiable reporting related to client systems 20 to a service provider (e.g., data center 10). Certifiable reporting may create difficulty in protecting scanning and/or reporting agents associated with the client systems 20. In addition, the time required to complete a scan and send a large associated report may be too long. As another example, it may be difficult to integrate a biometric sensor with the client system 20 and its reporting agent.

In some embodiments of the present invention, the combination of virtual machine (VM) technology and trusted computing techniques may provide advantages over other methods. For example, using a first VM with a minimal operating system (OS) for the limited purpose of generating reports may provide protection for the rest of the client system 20 against external access. As another example, because the first VM uses a smaller number of files and the files are smaller, the size of the reports sent to the data center 10 may be reduced. The advantages can be increased by using virtual hard disk images and virtual memory images instead of individual files in hard disk partitions. As another example, a limited purpose OS may repeatedly use the same files and/or memory images and changes to those files and images may be discarded and/or deleted.

In some embodiments, VM technology may be combined with file storage techniques (e.g., mbox). For example, files may be stored in plain text format in a single file. Such techniques may allow text processing tools to be readily used on the contents.

A virtual machine manager (VMM) may create, run, monitor, and/or terminate various VMs. The VMM may function to intercept interrupts and/or faults between VMs and/or to control the access that an application has to a hardware device and/or installed software. A VMM may also manage multi-tasking for a processor by sharing time between various threads in which applications and/or VMs run. Use of a VMM may expand the functionality of the VMs described above.

As another example, biometric sensors may be incorporated using a separate VM and connected to the first VM through a VMM. The data center 10 may use certifiable reporting techniques in combination with biometric data to evaluate the trustworthiness of the state of the client system 20 and/or the biometric data.

Data center 10 may include processor 12, storage resources 14, and a communication bus 16. Processor 12 may comprise any system, device, or apparatus operable to interpret and/or execute program instructions and/or process data, and may include, without limitation, a microprocessor, microcontroller, digital signal processor (DSP), application specific integrated circuit (ASIC), or any other digital or analog circuitry configured to interpret and/or execute program instructions and/or process data. In some embodiments, processor 104 may interpret and/or execute program instructions and/or process data stored in storage resources 14, and/or another component of data center 10.

Data center 10 may represent a trusted, dedicated server that manages security policies and authenticates attributes. Data center 10 may contain a database containing a number of policies defining a set of attribute values that must be met before a client system 20 is granted permission to access electronic content and/or software. Data center 10 may receive an attribute report from client system 20 identifying one or more attributes associated with client system 20. After authenticating the attributes, data center 10 may determine whether to provide the requested service to client system 20. Application of such attribute report and authentication may also be referred to as “policy-based management.” The context data may include data representative of client system 20 such as physical location (e.g., IP address), certain software installed on the requesting machine (e.g., rigorous antivirus software), biometric identifiers, or any other appropriate context attributes of client system 20.

Storage resources 14 may be communicatively coupled to processor 12 and may comprise any system, device, or apparatus operable to retain program instructions or data for a period of time (e.g., computer-readable media). Storage resources 14 may comprise random access memory (RAM), electrically erasable programmable read-only memory (EEPROM), a PCMCIA card, flash memory, magnetic storage, opto-magnetic storage, or any suitable selection and/or array of volatile or non-volatile memory that retains data after power to storage resources 12 is turned off.

Storage resources 14 may include any combination of hardware and software, including controlling logic. For example, storage resources 14 may include a centralized repository of documents, such as medical records. As another example, storage resources 14 may represent an application service provider which provides access to particular applications, software or other media over a network. Such applications, software, or media may include, among other things, document readers, web browsers, or document editing software. As another example, storage resources 14 may be associated with an online networking website or an email provider.

For clarity of description, FIG. 1 depicts processor 12 and storage resources 14 as separate components. In some embodiments, processor 12 and storage unit 14 may include stand-alone software programs stored on computer-readable media and executable by one or more processors associated with one or more computers and/or servers. However, processor 12 and storage unit 14 may also include components or subroutines of a larger software program, hard-coded into computer-readable media, and/or any hardware or software modules configured to perform the desired functions.

Communication bus 16 may be any suitable system, apparatus, or device operable to serve as an interface between data center 10 and network 18. Communication bus 16 may enable data center 10 to communicate over network 18 using any suitable transmission protocol and/or standard, including without limitation all transmission protocols and/or standards enumerated below with respect to the discussion of network 18. In some embodiments, network 18 may be a closed network (e.g., network 18 is only accessible by authorized clients).

As illustrated, network 18 may include any network capable of transmitting audio and/or video telecommunication signals, data, and/or messages. Some examples may include all, or a portion of, a radio access network, a public switched telephone network (PSTN), a public or private data network, a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a local, regional, or global communication or computer network such as the Internet, a wireline or wireless network, an enterprise intranet, or any combination of the preceding.

In operation, network 18 may provide connectivity between components coupled to network 18 using any appropriate communication protocol. To facilitate the described communication capabilities, network 18 may include routers, hubs, switches, gateways, call controllers, and/or any other suitable components in any suitable form or arrangement. Additionally, network 18 may include any hardware and/or software configured to communicate information in the form of packets, cells, frames, segments or other portions of data. Although network 18 is illustrated as a single network, communication network 18 may comprise any number or configuration of networks. Moreover, certain embodiments of communication network 1 may include any number or configuration of network 18.

In some embodiments, network 18 may include a virtual private network (VPN). A VPN provides increased security over an open and/or public network. In general, a VPN segregates and/or encapsulates data transfers so that the data may be kept private and/or secure from other devices sharing an intervening network (e.g., a LAN or a WAN). In operation, a VPN may allow a plurality of clients 20 to interact with data center 10 as if connected directly and/or privately.

Client 20 may include any system and/or component of electronic network 1 maintained, at least in part, by data center 10. Client 20 may include multiple processors, related software and/or firmware, sensors, etc. For example, client 20 may include an automobile and its internal network. As another example, client 20 may include a portable phone with processors and software identity modules (SIM) cards. In the context of this disclosure, client 20 may be described with respect to specific embodiments, but the teachings are not so limited. In some embodiments, the various processors and storage resources associated with client 20 may be provided by multiple vendors and/or service providers. In those embodiments, maintenance of the various processors and their associated software and/or firmware may be complicated by the need to coordinate data across the multiple vendors and/or service providers. Rather than allow unfettered access to the entire client system 20, the teachings of this disclosure may allow for virtual partitions segregating the various resources from one another.

Client 20 may include a computer and/or a computing device including functionality for wireless communication with data center 10. For example, client 20 may include a desktop computer, a laptop computer, a personal digital assistant (PDA), a smart phone, a cellular or mobile phone, an in- or out-of-car navigation system, and/or a mobile gaming device. Client 20 may operate one or more client applications (e.g., a web browser, a text editor, etc.).

FIG. 1 shows an example client system 20 including a processing module 21, multiple VMs 22, a VMM 24, a trusted platform module (TPM) 26, a resource list 28, a client network system 30, a node 32, and a GPS interface 40. Some embodiments may provide increased security of a VM 22 by creating multiple VMs 22 and controlling the information flow between them using a VMM 24.

Client system 20 may be significantly more complex than the simplified client network system 30 shown in FIG. 1. For example, an automobile may include a client network system 30 (e.g., FlexRay) including multiple processors, in some examples several hundred processors. In FIG. 1, node 32 represents a single processor and/or another resource associated with client network system 30.

VM 22 may include a virtual machine corresponding to client network system 30 and/or to a single process associated with client network system 30. Multiple VMs 22 may run multiple operating systems (OS). In such an arrangement, each VM 22 may use a single-purpose OS and time-share any needed processing resources of client system 20 and/or processing module 21 through VMM 24.

Trusted platform module 26 may include resources configured to generate cryptographic keys (e.g., a hardware pseudo-random number generator). In some embodiments, TPM 26 may include remote attestation and/or sealed storage. In some embodiments, TPM 26 includes at least one dedicated processor with a unique and secret RSA key assigned to and burned into the processor chip during manufacturing. Use of a unique RSA key in TPM 26 may allow data center 10 to verify that client system 20 is actually a client.

For example, TPM 26 may employ a hash key including a summary of the hardware and software configuration of client system 20. A hash key may allow client system 20 to test any incoming software packages and/or updates to verify they have not been changed. One example verification method includes binding, encryption based on a TPM endorsement key unique to a processor during its manufacture and/or another trusted key related to that endorsement key. Another example verification method includes sealing, which may impose an additional state requirement on the condition of the TPM 26.

Resource list 28 may include a list and/or register of entities. In some embodiments, resource list 28 may include a whitelist of entities approved for access and/or recognition. A whitelist may include any data center 10 entities that TPM 26 may approve for access to client system 20. In some embodiments, resource list 28 may include a blacklist of entities for which access will be denied.

Client network 30 may include a network system within a particular client, including multiple processors and/or storage resources. For example, client network 30 may include a FlexRay network system associated with an automobile. FlexRay is a particular embodiment of a network communications protocol developed for managing the numerous processors in an automobile system. As another example, a controller-area network (CAN or CAN-bus) is a particular embodiment of a communications protocol standard designed to allow microcontrollers and devices to communicate with each other without a host computer. Additional examples include time triggered protocol (TTP) and avionics full-duplex switched ethernet (AFDX).

Node 32 in client system 20 may include any particular resources of client system 20. For example, node 32 may include processors and/or their associated software, firmware, and/or processing instructions related to the processors. For example, an automobile may have a very complex network system comprising multiple CPUs. Each CPU may have software and/or firmware for its operation supplied by the vendor. Client network 30 may be responsible for the operation and/or maintenance of each node 32, including managing the version and/or update status of the software and/or firmware associated with each node 32 in client system 20.

Global positioning system interface 40 may include any interface with the Global Positioning System (GPS). GPS includes a space-based global navigation satellite system providing reliable location and time information. GPS is accessible by anyone and/or any system with a GPS receiver. The use of particular and accurate location and/or timing information may allow client processing module 21 to manage information requests, downloads, and/or other content.

FIG. 2 shows an example communication network 2, including an example client system 20 and external data centers 10 a and 10 b, in accordance with teachings of the present disclosure. Data centers 10 may include any external database accessible by client system 20. For the purposes of illustration only, one example client system 20 is described in relation to FIG. 2, where client system 20 comprises a mobile navigation system. The teachings of the present disclosure may be used with any appropriate client system 20.

Communication network 2 may include internet 42, external data centers 10, and client mobile navigation system 20. Client system 20 may communicate with internet 42 through a private infrastructure 44 (e.g., a home-based internet connection in a user's home). Data centers 10 a and 10 b may communicate with client system 20 through network 18. Network 18 may provide secure communications as described in this disclosure.

Data center 10 a may include a database of electronic content useful in client system 20. For example, if client system 20 includes a mobile navigation system, data center 10 a may include maps, updated interfaces for the user, and other content related to a mobile navigation system. Data center 10 a may also communicate with internet 42 via an ISP.

Data center 10 b may include a database housing firmware, maintenance, and software related to the operation of mobile navigation system 20. For example, data center 10 b may provide a list of the most current versions of firmware for each processor in mobile navigation system 20.

Client system 20 may operate several VMs 22 in module 21 to interface with each separate data source. For example, VM 22 a may include a universal browser and/or a web OS for interaction with internet 42. As another example, VM 22 b and 22 c may include a private application and a virtual OS for interaction with data centers 10 a and 10 b, respectively. As another example, VM 22 d may include a private application and a virtual OS for interaction with various systems in the user's automobile 32.

Each VM 22 may only communicate to another VM 22 through VMM 24. VMM 24 may manage these communications in concert with TPM to increase the security of each VM 22. For example, content received from the internet 42 may not be installed to node 32 unless approved by VMM 24 by any of the various methods described herein.

FIG. 3 shows details of example communication network 2, including details of client system 20, in accordance with teachings of the present disclosure. FIG. 3 shows that VMM 24 may be responsible for environment management of each VM 22. Each VM 22 may include an associated application 44 operated by an OS 46. VMM 24 may provide storage resources 48 to various VMs 22 as appropriate. VMM 24 may operate one or more programs 50 in association with each VM 22. VMM 24 may also cooperate with TPM 26 and/or resource list 28 to provide encryption, validation keys, white lists, and/or black lists.

FIG. 4 illustrates a flow chart of an example method 60 for performing remote maintenance in an electronic network configured to serve a plurality of client systems 20, in accordance with certain embodiments of the present disclosure. Method 60 may include multiple steps and may be performed by various components of electronic network 1, including data center 10 and/or other resources. Method 60 may start at 62. In some embodiments, client system 20 may include an automobile and/or a FlexRay system associated with an automobile.

Step 64 may include operating a data center 10 having a database of software associated with various processors and resources in a client system. For example, step 64 may include maintaining a list of processors associated with client system 20, as well as any current software and/or firmware provided for the use of the processors of client system 20.

Step 66 may include communicating with a first virtual machine 22 b hosted by processing module 21 of client system 20. First virtual machine 22 b may handle a first data set associated with the data center 10. First virtual machine 22 b may be managed by VMM 24 as discussed above. First virtual machine 22 b may be configured to monitor the list of processors and their associated software and/or firmware maintained by data center 10.

Step 68 may include receiving a request from first virtual machine 22 b identifying a software update for delivery to client system 20. For example, data center 10 may receive such a request from first virtual machine 22 b through network 18.

Step 70 may include performing an attestation process verifying the identity of client system 20. An attestation process may include any of the verification processes discussed above. In some embodiments, an attestation process may include receiving, testing, and/or verifying one or more biometric indicators. In some embodiments, data center 10 may perform the attestation process to verify the identity of client system 20.

Step 72 may include sending the identified software update to first virtual machine 22 b using a network 18. Network 18 may be a closed network as discussed above. In some embodiments, data center 10 may perform step 72. In some embodiments, the identified software update may be sent wirelessly.

Step 74 may include authorizing first virtual machine 22 b to install the identified software update on client system 20 using second virtual machine 22 c associated with the client system. In some embodiments, data center 10 may perform step 74. In other embodiments, VMM 26 may perform step 74. Method 60 may end at 76.

Method 60 may be useful on client systems 20 where first virtual machine 22 b and second virtual machine 22 c communicate through VMM 24. Use of VMM 24 may protect client system 20 from direct access by data center 10 and/or otherwise increase security of the components of client system 20. In some embodiments of method 60, first virtual machine 22 b may interrogate second virtual machine 22 c to verify client system 20 has successfully installed the software update.

In client systems 20 with a large number of nodes 32, traditional methods of maintenance would require client system 20 to be serviced at a secure maintenance location. Remote maintenance by radio transmission and/or another over-the-air system may decrease security under those traditional methods.

In contrast, electronic networks 1 employing method 60 may allow the use of remote maintenance without decreasing security. Particular embodiments of electronic network 1 may increase the security of any particular VM 22 by managing the VMs 22 with VMM 24, where data exchange between the various VMs 22 may be operated and/or controlled by VMM 24.

FIG. 5 illustrates a flow chart of an example method 80 for a client system 20 to request and receive software updates from a remote server, in accordance with certain embodiments of the present disclosure. Method 80 may include multiple steps and may be performed by various components of electronic network 1, including processor module 21 of client system 20 and/or other resources. In some embodiments, client system 20 may include an automobile and/or a FlexRay system associated with an automobile. Method 80 may start at 82.

Step 84 may include hosting two VMs 22 associated with client system 20. First VM 22 b may handle a first data set associated with the client system 20. Second VM 22 c may handle a second data set associated with an external data center 10.

Step 86 may include operating a VMM 24 configured to manage communication between the two virtual machines 22. Use of VMM 24 may protect client system 20 from direct access by data center 10 and/or otherwise increase security of the components of client system 20.

Step 88 may include recognizing the first data set is out of date in comparison with the second data set. Step 88 may be performed by a VM 22. For example, second VM 22 b may interrogate first VM 22 c to check the status, version, and/or configuration of any processors and/or their respective software and/or firmware. For example, second VM 22 b may compare the status, version, and/or configuration of a particular processor and/or its respective software and/or firmware against the updated data in data center 10.

Step 90 may include identifying a software update for delivery to client system 20. Step 90 may be performed by a VM 22, data center 10, and/or other components of electronic network 1. In some embodiments, VM 22 may transmit data related to client system 20 to data center 10 via a secure mechanism (e.g., via TPM/TNC).

Step 92 may include performing an attestation process verifying the identity of the data center 10. An attestation process may include any of the verification processes discussed above. In some embodiments, an attestation process may include receiving, testing, and/or verifying one or more biometric indicators. In some embodiments, client system 20 may perform the attestation process to verify the identity of data center 10 using second VM 22 b, TPM 24, and/or resource list 28.

Step 94 may include requesting the identified software update from the external data center 10. In some embodiments, second VM 22 b may perform step 94. The identified software update may include various software and/or firmware related to one or more nodes 32 of client system 20 (e.g., a CPU).

Step 96 may include receiving the identified software update from theexternal data center 10 to the client system 20. In some embodiments,second VM 22 b will perform step 96. The identified software update maybe transmitted over network 18. In some embodiments, VMM 24 may checkthe received software update for integrity before performing step 98.

Step 98 may include installing the sent software update on client system20 through first virtual machine 22 b. In some embodiments of method 80second virtual machine 22 b may interrogate first virtual machine 22 cto verify client system 20 has successfully installed the softwareupdate. In some embodiments, client system 20 may create and/or maintaina log for the receipt and/or installation of the software updates. Insome embodiments, data center 10 may create and/or maintain a log forthe sending and/or installation of the software update. The log mayinclude a time stamp.

Method 80 may end at 99.

In client systems 20 with a large number of nodes 32, traditional methods of maintenance would require client system 20 to be serviced at a secure maintenance location. Remote maintenance by radio transmission and/or another over-the-air system may decrease security under those traditional methods.

In contrast, electronic networks 1 employing method 80 may allow the use of remote maintenance without decreasing security. Particular embodiments of electronic network 1 may increase the security of any particular VM 22 by managing the VMs 22 with VMM 24, where data exchange between the various VMs 22 may be operated and/or controlled by VMM 24.

FIG. 6 illustrates a flow chart of an example method 100 for performing remote maintenance in a client system served by an electronic network, in accordance with certain embodiments of the present disclosure. Method 100 may include multiple steps and may be performed by various components of electronic network 1, including data center 10 and/or other resources. In some embodiments, client system 20 may include an automobile and/or a FlexRay system associated with an automobile. Method 100 may start at 102.

Step 104 may include maintaining a database including information correlating a list of client system nodes 32 with a respective set of processing instructions. Data center 10 may perform step 104 alone or in conjunction with other resources. For example, an individual may be responsible for updating the database as new information becomes available. As another example, various vendors and/or suppliers associated with client system nodes 32 may deliver updated software and/or firmware packages to data center 10 electronically.

Step 106 may include receiving a request for a software update, the request including an identifier corresponding to a specific client system 20 and a specific set of processing instructions. Data center 10 may perform step 106. Data center may receive the request over network 18.

Step 108 may include accessing the database to retrieve the information related to the client system nodes 32 and the respective set of processing instructions correlated to the associated nodes 32. Data center 10 may perform step 108 based on the received request.

Step 110 may include performing calculations simulating a combination of nodes 32 and respective processing instructions that would result from the installation of the requested software update. Data center 10 may perform step 110.

Method 100 may end at 112.

In some embodiments, client systems 20 may include a complex network system comprising multiple nodes 32 (e.g., CPUs and/or processing resources). Each node 32 may include associated software and/or firmware supplied by the vendor. As any particular node 32 receives updated software and/or firmware from its respective vendor, a new combination of software and/or firmware exists for client system 20. The number of possible combinations may be very large. An inoperative and/or inappropriate combination of software and/or firmware may affect the operation of client system 20. In some embodiments, data center 10 may maintain a database of nodes 32 and their respective software.

Method 100 may allow data center 10 and/or additional components of electronic network 1 to simulate a proposed combination of nodes 32 and/or their associated software and/or firmware before delivering any electronic content to client system 20. Testing a proposed combination for operational integrity, compatibility, and/or any other appropriate standard may increase the reliability and/or stability of client system 20.
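The compatibility check that method 100 and claims 2 and 14 describe, as an added Python example that is not part of the patent: it simulates the node/firmware combination an update would produce, compares it with compatibility rules, and proposes an alternative version when the request fails. The node names, version tuples, rule format and function names are assumptions; the disclosure does not specify them.

```python
from dataclasses import dataclass

# Constructed sample data: node names, versions and rules are hypothetical.
NODE_DB = {  # step 104: client system -> node -> installed (major, minor)
    "client-0001": {"engine_ecu": (5, 0), "brake_ecu": (2, 1), "gateway": (1, 4)},
}


@dataclass(frozen=True)
class Rule:
    """When `node` is at or above `node_min`, `peer` must be at or above `peer_min`."""
    node: str
    node_min: tuple
    peer: str
    peer_min: tuple


RULES = [
    Rule("engine_ecu", (6, 0), "gateway", (2, 0)),
    Rule("brake_ecu", (3, 0), "engine_ecu", (5, 0)),
]


def simulate(client_id, node, version, db=NODE_DB):
    """Steps 108-110: build the combination the update would produce."""
    installed = db[client_id]            # KeyError for an unknown client
    if node not in installed:
        raise ValueError(f"{node} is not a node of {client_id}")
    combo = dict(installed)              # work on a copy, never on the database
    combo[node] = version
    return combo


def violations(combo, rules=RULES):
    """Return every compatibility rule the simulated combination breaks."""
    broken = []
    for rule in rules:
        if rule.node in combo and combo[rule.node] >= rule.node_min:
            # A peer that is absent from the client counts as version (0, 0).
            if combo.get(rule.peer, (0, 0)) < rule.peer_min:
                broken.append(rule)
    return broken


def review(client_id, node, requested, available, db=NODE_DB, rules=RULES):
    """Approve the request, or propose the newest compliant alternative."""
    broken = violations(simulate(client_id, node, requested, db), rules)
    if not broken:
        return {"approved": True, "alternative": None, "broken": []}
    current = db[client_id][node]
    for alt in sorted(available, reverse=True):
        # Only versions newer than the installed one and older than the request.
        if current < alt < requested and not violations(
                simulate(client_id, node, alt, db), rules):
            return {"approved": False, "alternative": alt, "broken": broken}
    return {"approved": False, "alternative": None, "broken": broken}
```
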

FIG. 7 illustrates a flow chart of an example method 120 for performing remote maintenance on client system 20 served by an electronic network 1 serving a plurality of clients 20, in accordance with certain embodiments of the present disclosure. Method 120 may include multiple steps and may be performed by various components of electronic network 1, including client system 20 and/or other resources. In some embodiments, client system 20 may include an automobile and/or a FlexRay system associated with an automobile. Method 120 may start at 122.

Step 124 may include receiving a list of updated software modules available for delivery to the plurality of client systems 20. The updated software modules may be hosted on a plurality of servers. Step 124 may be performed by client system 20. For example, first VM 22 b may query data center 10 for the list and then receive the list.

Step 126 may include determining whether to request any of the updated software modules on the list based at least in part on the identity of a plurality of nodes 32 associated with client system 20. In some embodiments, first VM 22 b may consider the list of processors in client system 20 and compare that list versus the list of available modules. For example, if client system 20 is an automobile and/or a FlexRay system associated with an automobile, first VM 22 b may determine whether to request an update based on the make, model, and/or year of the automobile.

Step 128 may include requesting an updated software module. In some embodiments, step 128 may be an over-the-air and/or a remote communication. Client system 20 may perform step 128. For example, first VM 22 b may request the updated software module from data center 10.

Step 130 may include receiving the requested updated software module. In some embodiments, the updated software modules may be hosted on a plurality of servers. In such embodiments, client system 20 may receive the requested module from the particular server hosting the requested module. In such embodiments, the list of updated software modules may include a uniform resource locator identifying the location of each module.

Step 132 may include installing the received updated software module on the client system. The updated software module may be delivered over-the-air and/or by another remote communication system. Method 120 may end at 134.

FIG. 8 illustrates a flow chart of an example method 140 for performing remote maintenance in an electronic network 1 configured to serve a plurality of client systems 20 in accordance with certain embodiments of the present disclosure. Method 140 may include multiple steps and may be performed by various components of electronic network 1, including data center 10 and/or other resources. In some embodiments, client system 20 may include a mobile phone. Method 140 may start at 142.

Step 144 may include operating data center 10 having a database of software associated with various nodes 32 in a client system. In embodiments where client system 20 includes a mobile phone, nodes 32 may include various software identifier modules (SIMs). Data center 10 may perform step 144.

Step 146 may include communicating with first virtual machine 22 b hosted by client system 20. First virtual machine 22 b may handle a first data set associated with data center 10. For example, first virtual machine 22 b may be configured to access a list of various configurations, revision numbers, etc. related to the various nodes 32 of client system 20. Data center 10 may perform step 146 using network 18. Data center 10 may compare the data set associated with first VM 22 b to a list of current versions and/or update status and flag any variations in identity.

Step 148 may include receiving a request from first virtual machine 22 b identifying a software update for delivery to one of the various nodes 32 in client system 20. For example, first VM 22 b may request a software update for a particular SIM in a mobile phone. Data center 10 may perform step 148.

Step 150 may include performing an attestation process verifying the identity of client system 20. Data center 10 may perform step 150. An attestation process may include any of the verification processes discussed above. In some embodiments, an attestation process may include receiving, testing, and/or verifying one or more biometric indicators. In some embodiments, client system 20 may perform the attestation process to verify the identity of data center 10 using second VM 22 b, TPM 24, and/or resource list 28.

Step 152 may include sending the identified software update to the first virtual machine using a network. In some embodiments, data center 10 may send the identified software over network 18. In some embodiments, step 152 may be performed by sending the identified software update wireless and/or over-the-air.

Step 154 may include authorizing first VM 22 b to install the received software update on client system 20 using a second VM 22 c associated with the one of the various nodes 32. First VM 22 b and second VM 22 c may communicate through VMM 24. In some embodiments, client system 20 may perform an attestation process verifying the integrity and/or safety of the received software before accepting it from data center 10. Method 140 may end at 156. Attestation may occur before and/or after the installation of the received software update.

In some embodiments, first VM 22 b may interrogate second VM 22 c to verify client system 20 has received the software update. In some client systems 20, each of multiple nodes 32 may operate with a unique operating system. For example, in a mobile phone with multiple SIM cards, each SIM card may operate on its own OS. Data exchange between multiple SIM cards and/or between various VMs 22 of client system 20 may be complicated because of the variation in OS. In some embodiments, a particular SIM card may have lower level security requirements in comparison with another SIM card and its OS. In such embodiments, traditional maintenance requires the client system 20 to be serviced in a secure maintenance location.

Use of method 140 and the teachings of the present disclosure may allow over-the-air and/or wireless maintenance of client system 20. In client systems with multiple VMs 22 linked through VMM 24, data exchange between data center 10 and client system 20 may be supported by TPM 26 and provide increased security and/or reliability.

FIG. 9 illustrates a flow chart of an example method 160 for client system 20 to request and receive software updates from a remote server 10, in accordance with certain embodiments of the present disclosure. Method 160 may include multiple steps and may be performed by various components of electronic network 1, including client system 20 and/or other resources. In some embodiments, client system 20 may include a mobile phone. Node 32 may comprise a subscriber identity module (SIM) card. Method 160 may start at 162.

Step 144 may include hosting two virtual machines 22 associated with the client system 20. First VM 22 b may handle a first data set associated with external data center 10. Second VM 22 c may handle a second data set associated with node 32 in client system 10. First VM 22 b and second VM 22 c may communicate through VMM 24 to maintain data integrity and/or reliability for the various VMs 22.

Step 146 may include operating VMM 24 configured to manage communication between the two VMs. Client system 20 may perform step 146 in combination with TPM 26.

Step 148 may include recognizing the first data set is out of identity with the second data set. Data center 10, VM 22 b or 22 c, and/or VMM 24 may perform step 148.

Step 150 may include identifying a software update for delivery to node 32, the software update configured to restore identity between the first data set and the second data set.

Step 152 may include performing an attestation process verifying the identity of the client system, verifying the identity of the data center 10, and/or the reliability and/or safety of the software update identified. Any portion of electronic network 1 may perform the attestation process. For example, VMM 24 may operate in conjunction with TPM 26 to validate the identity of the software package and/or data center 10.

Step 154 may include requesting the identified software update from external data center 10. First VM 22 b may perform step 154.

Step 156 may include receiving the identified software update from external data center 10 to first VM 22 b.

Step 158 may include installing the sent software update on node 32 through second VM 22 c. In some embodiments, first VM 22 b may interrogate second VM 22 c to verify node 32 has received the software update.

In some client systems 20, each of multiple nodes 32 may operate with a unique operating system. For example, in a mobile phone with multiple SIM cards, each SIM card may operate on its own OS. Data exchange between multiple SIM cards and/or between various VMs 22 of client system 20 may be complicated because of the variation in OS. In some embodiments, a particular SIM card may have lower level security requirements in comparison with another SIM card and its OS. In such embodiments, traditional maintenance requires the client system 20 to be serviced in a secure maintenance location.

Use of method 160 and the teachings of the present disclosure may allow over-the-air and/or wireless maintenance of client system 20. In client systems with multiple VMs 22 linked through VMM 24, data exchange between data center 10 and client system 20 may be supported by TPM 26 and provide increased security and/or reliability.

FIG. 10 illustrates a flow chart of an example method 182 for verifying electronic software code integrity, in accordance with certain embodiments of the present disclosure. Method 182 may include multiple steps and may be performed by various components of electronic network 1, including client system 20 and/or other resources. Method 182 may start at 184.

Step 186 may include providing a plurality of encryption keys to client system 20, each of the plurality of encryption keys correlated to a respective time factor. The time factor may depend at least in part on a control factor and a time stamp generated at the delivery of the software code packet, an update timing of the software code packet, or an update timing of a trusted protocol module associated with the client.

Step 188 may include encrypting a software code packet using one of the plurality of encryption keys based on a time factor related to the software code packet.

Step 190 may include delivering the encrypted software code packet to client system 20.

Step 192 may include informing client 20 to choose a decryption key based on the time factor correlating to the time client 20 receives the software code packet. Method 182 may end at 194.

Traditional software code integrity may be checked using an electronic signature (e.g., a public key infrastructure (PKI) certification method). Use of an electronic signature, however, may be unreliable compared to the methods of this disclosure. For example, electronic signatures may incorporate an expiration date, after which the signature will fail. It may be possible to replace and/or change code before and/or after the electronic signature validation process is performed.

In accordance with the teachings of the present disclosure, code integrity may be substantially improved by including an update timing/key control. The encryption key may change based on a time factor. For example, the time factor may depend at least in part on a time stamp related to the sending and/or the delivery of electronic content. As another example, the time factor may depend at least in part on the update timing of TPM 26 and/or a VM 22. In any case, the time factor may also depend on a pre-arranged control factor, α. Multiple encryption keys may be stored by resource list 28 associated with TPM 26. Using the appropriate encryption key, TPM 26 may also check the expiration of the electronic content using its electronic signature date.

FIG. 11 illustrates a flow chart of an example method 200 for verifying electronic software code integrity, in accordance with certain embodiments of the present disclosure. Method 200 may include multiple steps and may be performed by various components of electronic network 1, including client system 20 and/or other resources. Method 200 may start at 202.

In accordance with the teachings of the present disclosure, code integrity may be substantially improved by including an update timing/key control. The encryption key may change based on a time factor. For example, the time factor may depend at least in part on a time stamp related to the sending and/or the delivery of electronic content. As another example, the time factor may depend at least in part on the update timing of TPM 26 and/or a VM 22. In any case, the time factor may also depend on a pre-arranged control factor, α. Multiple encryption keys may be stored by resource list 28 associated with TPM 26. Using the appropriate encryption key, TPM 26 may also check the expiration of the electronic content using its electronic signature date.

Step 204 may include storing a list of encryption keys from data center 10, each of the encryption keys correlated to a respective time factor. The list may be stored by TPM 24 and/or by a storage resource associated with TPM 24.

Step 206 may include receiving an encrypted software code packet from data center 10. In some embodiments, an electronic signature may also be received.

Step 208 may include choosing an encryption key based on a time factor. In some embodiments, TPM 24 may also check an electronic signature delivered with the encrypted software packet. Method 200 may end at 210.
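Methods 182 and 200 leave the time-factor calculation open, so the following added Python example (not code from the patent) assumes one: the key index is the delivery-time window number shifted by the control factor α, modulo the number of stored keys. The HMAC-SHA256 keystream with encrypt-then-MAC is a standard-library stand-in for an AEAD cipher, and the one-window skew tolerance on the client, the window length and the key values are also assumptions.

```python
import hashlib
import hmac
import os

PERIOD = 3600   # assumed key window length in seconds
ALPHA = 17      # pre-arranged control factor α (constructed value)

# Constructed key list standing in for the keys held in resource list 28.
KEYS = [hashlib.sha256(b"constructed-demo-key-%d" % i).digest() for i in range(24)]


def time_factor(timestamp, n_keys, alpha=ALPHA, period=PERIOD):
    """Assumed mapping from a time stamp to an index into the key list."""
    return (int(timestamp) // period + alpha) % n_keys


def _subkeys(key):
    """Derive separate encryption and MAC keys from one list entry."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(keys, packet, sent_at):
    """Data center side (step 188): encrypt under the key for the send time."""
    enc_key, mac_key = _subkeys(keys[time_factor(sent_at, len(keys))])
    nonce = os.urandom(16)
    body = _xor_stream(enc_key, nonce, packet)
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_packet(keys, blob, received_at, skew_windows=1):
    """Client side (step 208): choose the key from the receipt time.

    Adjacent windows are tried so that a packet sent just before a window
    boundary still opens; anything older fails authentication.
    """
    if len(blob) < 48:
        raise ValueError("packet too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    base = time_factor(received_at, len(keys))
    offsets = [0] + [d for k in range(1, skew_windows + 1) for d in (-k, k)]
    for offset in offsets:
        enc_key, mac_key = _subkeys(keys[(base + offset) % len(keys)])
        expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):   # verify before decrypting
            return _xor_stream(enc_key, nonce, body)
    raise ValueError("no key in the accepted time windows authenticates the packet")
```

With this mapping the key index wraps after `len(keys)` windows, so the stored list has to be replaced before it wraps; otherwise a packet captured one full cycle earlier authenticates again.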

Although FIGS. 4-11 represent a particular number of steps to be taken with respect to methods 60, 80, 100, 120, 140, 160, 184, and 200, the various methods may be executed with more or fewer steps than those depicted. Using the methods and systems disclosed herein, certain problems associated with maintaining secure access to electronic content may be improved, reduced, or eliminated. For example, the methods and system disclosed herein may provide increased security and/or reliability for electronic network performing remote maintenance of client systems.

Although the present invention has been described with several embodiments, various changes and modifications may be suggested to one skilled in the art. It is intended that the present invention encompass such changes and modifications as fall within the scope of the appended claims. The teachings of the present disclosure encompass all changes, substitutions, variations, alterations, modifications to the example embodiments herein that a person having ordinary skill in the art would comprehend.

In particular embodiments, one or more web pages may be associated with a networking system and/or networking service. Particular embodiments may involve the retrieval and/or rendering of structured documents hosted by any type of network addressable resource or web site. Additionally, as used herein, a “user” may include an individual, a group, and/or a corporate entity (e.g., a business and a third party application).

1. A system for performing remote maintenance in an electronic network configured to serve a plurality of clients, the system comprising: a client including a plurality of nodes; each one of the plurality of nodes having a respective set of processing instructions stored on a respective associated computer readable memory; a database associated with the electronic network, the database including information correlating a list of nodes with a respective set of processing instructions; and a virtual machine operable to access the database and perform calculations simulating proposed combinations of nodes and their respective set of processing instructions before approving a software update requested for the client.
2. A system according to claim 1, wherein the virtual machine includes: an operating system; and processing instructions encoded in a computer readable memory, the processing instructions, when executed by the processing resource, operable to perform operations comprising: receiving a request to provide a software update to the client; querying the database for information associated with the client; simulating a combination of the plurality of nodes of the client with the requested software update; comparing a result of the simulation to one or more rules for compatibility; and approving the requested software update if the result complies with the one or more rules for compatibility.
3. A system according to claim 1, wherein the client is an automobile.
4. A system according to claim 1, further comprising the virtual machine configured to receive data regarding a current status of the client through a trusted platform module.
5. A system according to claim 1, wherein the client includes a FlexRay system associated with an automobile.
6. A system according to claim 1, further comprising the virtual machine operable to perform a risk analysis for a requested software update based on one or more safety factors.
7. A system according to claim 1, further comprising the virtual machine operable to perform a risk analysis for a requested software update based at least on a high speed performance metric.
8. A system according to claim 1, further comprising the virtual machine operable to perform a risk analysis for a requested software update based at least on an environmental resistance performance metric.
9. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client.
10. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client, the report including a summary of operational information related to the client.
11. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client, the report including a Hash value calculated by a trusted platform module.
12. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client, the report including a time stamp.
13. A system according to claim 1, further comprising the virtual machine operable to create a report regarding the software update requested for the client, the report stored by a computer readable memory associated with the electronic network.
14. A system according to claim 1, further comprising the virtual machine operable to propose an alternative software update if the requested software update fails to comply with a rule for compatibility.
15. A method for performing remote maintenance in a client system served by an electronic network, the method comprising: maintaining a database including information correlating a list of client system nodes with a respective set of processing instructions; receiving a request for a software update, the request including an identifier corresponding to a specific client system and a specific set of processing instructions; accessing the database to retrieve the information related to the nodes associated with the client systems and the respective set of processing instructions correlated to the associated processors; and performing calculations simulating a combination of nodes and respective processing instructions that would result from the installation of the requested software update.
16. A method according to claim 15, further comprising comparing a result of the simulation calculations to one or more rules for compatibility.
17. A method according to claim 15, further comprising approving the requested software update if a result of the simulation calculations complies with one or more rules for compatibility.
18. A method according to claim 15, further comprising receiving data regarding a current status of the client system through a trusted platform module.
19. A method according to claim 15, wherein the client system includes a FlexRay system associated with an automobile.
20. A method according to claim 15, further comprising performing a risk analysis for the requested software update based on one or more safety factors.
21. A method according to claim 15, further comprising performing a risk analysis for a requested software update based at least on a high speed performance metric.
22. A method according to claim 15, further comprising performing a risk analysis for a requested software update based at least on an environmental resistance performance metric.
23. A method according to claim 15, further comprising creating a report regarding the software update requested for the client system.
24. A method according to claim 15, further comprising creating a report regarding the software update requested for the client system, the report including a summary of operational information related to the client.
25. A method according to claim 15, further comprising creating a report regarding the software update requested for the client system, the report including a Hash value calculated by a trusted platform module.
26. A method according to claim 15, further comprising creating a report regarding the software update requested for the client system, the report including a time stamp.
27. A method according to claim 15, further comprising creating a report regarding the software update requested for the client, the report stored by a computer readable memory associated with the electronic network.
28. A method according to claim 15, further comprising proposing an alternative software update if the requested software update fails to comply with a rule for compatibility.